Vulnerabilities > Apache > Sentry

DATE CVE VULNERABILITY TITLE RISK
2018-08-23 CVE-2018-8028 Missing Authorization vulnerability in Apache Sentry
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1.
network
low complexity
apache CWE-862
8.8
2016-08-19 CVE-2016-0760 Improper Access Control vulnerability in Apache Sentry 1.5.1/1.6.0
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
network
low complexity
apache CWE-284
8.8